risitasApp login permissions

in #risitasapp3 years ago (edited)
Authored by @lightproject


Hello everyone,

Today I would like to explain how does risitasApp deal with login, and to which degree does it ask for permissions to keychain.

To this day, Hive Keychain is the only login method available.

Why is POSTING auth important


It will minimize the impact or risks. In case of malicious app intentions, whenever you sign with posting key you are basically narrowing down your risks: No operation signed with posting authority can perform any irreversible action such as token or card transfer.

Using keychain browser extension

Keychain is a secured encrypted wallet for Hive. However Keychain can do more than just storing keys: it can also broadcast directly operations to the HIVE blockchain and sign transactions offchain.

First of all, I would like to clarify that risitasApp login mimics the login mechanics of the official UI.

The login mechanics consists of signing a string that consists of: hive account + timestamp

Then you take this string and sign it with your PrivateKey. We do this requesting Keychain to do the signing with requestSignBuffermethod. This method is available here: https://github.com/hive-keychain/hive-keychain-extension#requestsignbuffer

Once thesignatureis ready, it is sent to the backend for verification along with the unsigned string.

The verification takes place by checking the signature against the public key of the account. The last verification is checking that time timestamp is not older than 5 minutes.

Screenshot 2022-02-07 at 12.32.21.png

Most importantly, the signature is requested with your POSTING key.

#splinterlands
3 years ago in #risitasapp by
$3.31
  • Past Payouts $3.31
  • - Author $1.66
  • - Curators $1.66
5 votes
Reply 4
Sort:  
  • Trending
    • [-]
     3 years ago  

    Congratulations @splinter.monster! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s):

    You received more than 50 HP as payout for your posts, comments and curation.
    Your next payout target is 100 HP.
    The unit is Hive Power equivalent because post and comment rewards can be split into HP and HBD

    You can view your badges on your board and compare yourself to others in the Ranking
    If you no longer want to receive notifications, reply to this comment with the word STOP

    Check out the last post from @hivebuzz:

    Valentine's day challenge - Give a badge to your beloved!
    Hive Power Up Month - Feedback from February day 8
    Support the HiveBuzz project. Vote for our proposal!
    $0.00
      Reply